Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   ArchLinux Development (http://www.linux-archive.org/archlinux-development/)
-   -   makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined (http://www.linux-archive.org/archlinux-development/275808-makechrootpkg-use-hosts-srcdest-pkgdest-if-they-defined.html)

Eric Bélanger 11-06-2009 04:53 AM

makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined
 
On Thu, Nov 5, 2009 at 2:15 PM, Rogutės Sparnuotos
<rogutes@googlemail.com> wrote:
> Daenyth Blank (2009-11-05 13:07):
>> On Thu, Nov 5, 2009 at 13:03, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>> > I was thinking more along the lines of:
>> >
>> > Original: eval $(grep '^SRCDEST=' /etc/makepkg.conf)
>> >
>> > SRCDEST=$(grep '^SRCDEST=' /etc/makepkg.conf | cut -d= -f2)
>> > PKGDEST=$(grep '^PKGDEST=' /etc/makepkg.conf | cut -d= -f2)
>> >
>>
>> I believe that should work... Make sure to throw in a -d -w check
>> after, to make sure it's right... I think a malicious line (".. && rm
>> -rf /") would simply get stored as a string.. as long as we quote
>> everything properly and unset it if it's not right, I'm pretty sure
>> it's not dangerous. It could however, fail in cases where it's split
>> over multiple lines. I don't think that's a reason not to do it
>> though, I can't imagine a reason for such a thing.
>
> This wouldn't work for
> SRCDEST="/path/to/dir"
> SRCDEST='/path/to/dir'
>
> But sed should be able to do it:
> SRCDEST=$(sed -nr "/^SRCDEST=/{s/[^=]+=(['"]?)(.+)1/2/p}" /etc/makepkg.conf)
>
> --
> -- *Rogutės Sparnuotos
>

Let me know when you guys agree on a better (safer) way to implement
this. I'll then sent a corrected patch.

Eric Bélanger 11-06-2009 04:53 AM

makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined
 
On Thu, Nov 5, 2009 at 2:15 PM, Rogutės Sparnuotos
<rogutes@googlemail.com> wrote:
> Daenyth Blank (2009-11-05 13:07):
>> On Thu, Nov 5, 2009 at 13:03, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>> > I was thinking more along the lines of:
>> >
>> > Original: eval $(grep '^SRCDEST=' /etc/makepkg.conf)
>> >
>> > SRCDEST=$(grep '^SRCDEST=' /etc/makepkg.conf | cut -d= -f2)
>> > PKGDEST=$(grep '^PKGDEST=' /etc/makepkg.conf | cut -d= -f2)
>> >
>>
>> I believe that should work... Make sure to throw in a -d -w check
>> after, to make sure it's right... I think a malicious line (".. && rm
>> -rf /") would simply get stored as a string.. as long as we quote
>> everything properly and unset it if it's not right, I'm pretty sure
>> it's not dangerous. It could however, fail in cases where it's split
>> over multiple lines. I don't think that's a reason not to do it
>> though, I can't imagine a reason for such a thing.
>
> This wouldn't work for
> SRCDEST="/path/to/dir"
> SRCDEST='/path/to/dir'
>
> But sed should be able to do it:
> SRCDEST=$(sed -nr "/^SRCDEST=/{s/[^=]+=(['"]?)(.+)1/2/p}" /etc/makepkg.conf)
>
> --
> -- *Rogutės Sparnuotos
>

Let me know when you guys agree on a better (safer) way to implement
this. I'll then sent a corrected patch.


All times are GMT. The time now is 11:39 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.